Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f06c79-7c7e-4504-88c0-a8a911a3e2e0/1/eOmACI8M2Z09m05eBVtVLkOsCow.roa
File:                     eOmACI8M2Z09m05eBVtVLkOsCow.roa (raw, json)
Hash identifier:          Rw/Ny34aLgw2IZ7oQuaG25FVruDBfKX3f1FqKhAn4bg=
Subject key identifier:   78:E9:80:08:8F:0C:D9:9D:3D:9B:4E:5E:05:5B:55:2E:43:AC:0A:8C
Certificate issuer:       /CN=fc239ccf26ea38257a07d4094fa6d70b26969fb9
Certificate serial:       019025E26DD0784DB3A708C2612CEA5C63EB
Authority key identifier: FC:23:9C:CF:26:EA:38:25:7A:07:D4:09:4F:A6:D7:0B:26:96:9F:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_COczybqOCV6B9QJT6bXCyaWn7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f06c79-7c7e-4504-88c0-a8a911a3e2e0/1/eOmACI8M2Z09m05eBVtVLkOsCow.roa
Signing time:             Mon 17 Jun 2024 11:08:34 +0000
ROA not before:           Mon 17 Jun 2024 11:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42191
IP address blocks:        195.110.24.0/23 maxlen: 23
                          195.110.24.0/24 maxlen: 24
                          195.110.25.0/24 maxlen: 24
                          2001:67c:14a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f06c79-7c7e-4504-88c0-a8a911a3e2e0/1/_COczybqOCV6B9QJT6bXCyaWn7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f06c79-7c7e-4504-88c0-a8a911a3e2e0/1/_COczybqOCV6B9QJT6bXCyaWn7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_COczybqOCV6B9QJT6bXCyaWn7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Nov 2024 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:e2:6d:d0:78:4d:b3:a7:08:c2:61:2c:ea:5c:63:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc239ccf26ea38257a07d4094fa6d70b26969fb9
        Validity
            Not Before: Jun 17 11:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78e980088f0cd99d3d9b4e5e055b552e43ac0a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:65:07:6f:b9:6f:5a:8a:29:30:e0:6e:9f:ed:
                    d2:6e:b3:90:be:73:ab:27:ff:33:73:c4:7c:64:a3:
                    e3:07:3f:36:20:92:7f:34:78:26:ec:42:dc:c5:fb:
                    83:41:d9:4b:9d:84:8c:ed:70:cb:e4:ca:42:cc:53:
                    89:c6:97:ce:0a:ac:e0:ae:c5:71:6c:3e:4d:2c:30:
                    03:b5:11:59:32:23:54:1e:bc:b5:66:be:10:92:a3:
                    fe:94:69:0c:ab:e4:46:b0:f1:78:81:fe:97:25:7b:
                    e8:d8:19:7d:19:d2:90:c9:97:f6:34:78:a5:56:26:
                    c3:6e:9d:2d:a8:64:aa:0f:a4:56:94:a3:e4:59:96:
                    fb:11:31:80:f6:7d:39:a3:32:27:e3:e3:5f:b0:49:
                    6c:50:a2:fd:80:30:2a:33:87:ee:4e:5d:ed:00:78:
                    55:12:6b:d1:ee:1d:7a:c1:bc:5c:26:56:86:ed:f2:
                    9e:11:26:c8:2f:e1:0e:ab:ba:e8:08:b6:70:36:c0:
                    57:8c:c6:86:7e:3e:d2:95:e7:7d:35:6f:c7:80:06:
                    82:be:52:70:f8:c5:02:e5:6e:d9:d2:79:43:cc:95:
                    52:9c:3b:25:e9:6b:fc:65:54:e4:e9:98:1d:b3:4b:
                    a4:b7:a6:81:ff:1b:14:68:49:97:5a:c7:62:40:1b:
                    43:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E9:80:08:8F:0C:D9:9D:3D:9B:4E:5E:05:5B:55:2E:43:AC:0A:8C
            X509v3 Authority Key Identifier:
                keyid:FC:23:9C:CF:26:EA:38:25:7A:07:D4:09:4F:A6:D7:0B:26:96:9F:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_COczybqOCV6B9QJT6bXCyaWn7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f06c79-7c7e-4504-88c0-a8a911a3e2e0/1/eOmACI8M2Z09m05eBVtVLkOsCow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f06c79-7c7e-4504-88c0-a8a911a3e2e0/1/_COczybqOCV6B9QJT6bXCyaWn7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.24.0/23
                IPv6:
                  2001:67c:14a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:c2:5c:77:ff:57:02:f8:73:8d:7f:ab:58:02:73:15:aa:6e:
         5d:67:31:05:a8:dd:8c:1a:17:5f:3a:61:47:00:7f:2d:7f:9c:
         1a:99:82:ee:23:2c:4a:54:e0:a0:34:59:93:d4:65:9b:1b:c5:
         92:c1:5b:12:2c:b7:16:f5:96:f5:1c:41:1b:3c:86:5f:1d:c5:
         0d:b5:6e:b7:f0:d0:7c:ba:1d:02:ba:a9:62:98:3d:30:34:90:
         36:d4:97:7b:19:75:60:4e:ce:7a:ff:44:21:1a:41:04:4c:d4:
         5d:3b:c9:4b:ab:32:8a:03:ba:0c:58:b4:a6:7a:4e:cf:ae:be:
         e8:51:61:07:7b:bb:5f:7e:73:7f:de:09:50:07:01:29:4d:69:
         ff:dc:5c:18:a5:1c:6b:92:dd:a4:7b:cb:21:4c:76:1e:8f:07:
         30:20:c3:d6:0d:50:c8:51:c2:2d:aa:f8:79:25:90:ae:1d:14:
         fc:79:70:f4:fb:46:91:a7:80:9b:7f:6d:86:6f:16:a3:19:49:
         4f:07:d0:22:29:14:f8:c3:4a:97:aa:e5:fe:63:c0:ce:66:98:
         47:8e:66:d3:d2:cd:76:fd:08:7e:45:bf:20:64:e6:42:6a:5b:
         f2:4a:64:93:a3:a9:d7:e4:09:a4:5d:91:e7:dc:4a:71:9a:53:
         f6:cb:51:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAl4m3QeE2zpwjCYSzqXGPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMjM5Y2NmMjZlYTM4MjU3YTA3ZDQwOTRmYTZkNzBiMjY5
NjlmYjkwHhcNMjQwNjE3MTEwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU5ODAwODhmMGNkOTlkM2Q5YjRlNWUwNTViNTUyZTQzYWMwYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2UHb7lvWoopMOBun+3SbrOQvnOr
J/8zc8R8ZKPjBz82IJJ/NHgm7ELcxfuDQdlLnYSM7XDL5MpCzFOJxpfOCqzgrsVx
bD5NLDADtRFZMiNUHry1Zr4QkqP+lGkMq+RGsPF4gf6XJXvo2Bl9GdKQyZf2NHil
VibDbp0tqGSqD6RWlKPkWZb7ETGA9n05ozIn4+NfsElsUKL9gDAqM4fuTl3tAHhV
EmvR7h16wbxcJlaG7fKeESbIL+EOq7roCLZwNsBXjMaGfj7Sled9NW/HgAaCvlJw
+MUC5W7Z0nlDzJVSnDsl6Wv8ZVTk6Zgds0ukt6aB/xsUaEmXWsdiQBtDxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHjpgAiPDNmdPZtOXgVbVS5DrAqMMB8GA1UdIwQY
MBaAFPwjnM8m6jglegfUCU+m1wsmlp+5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0NPY3p5YnFPQ1Y2QjlRSlQ2YlhDeWFXbjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mMDZjNzktN2M3ZS00NTA0LTg4YzAt
YThhOTExYTNlMmUwLzEvZU9tQUNJOE0yWjA5bTA1ZUJWdFZMa09zQ293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mMDZjNzktN2M3ZS00NTA0LTg4YzAtYThhOTExYTNlMmUw
LzEvX0NPY3p5YnFPQ1Y2QjlRSlQ2YlhDeWFXbjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw24YMA8E
AgACMAkDBwAgAQZ8FKQwDQYJKoZIhvcNAQELBQADggEBAHXCXHf/VwL4c41/q1gC
cxWqbl1nMQWo3YwaF186YUcAfy1/nBqZgu4jLEpU4KA0WZPUZZsbxZLBWxIstxb1
lvUcQRs8hl8dxQ21brfw0Hy6HQK6qWKYPTA0kDbUl3sZdWBOznr/RCEaQQRM1F07
yUurMooDugxYtKZ6Ts+uvuhRYQd7u19+c3/eCVAHASlNaf/cXBilHGuS3aR7yyFM
dh6PBzAgw9YNUMhRwi2q+HklkK4dFPx5cPT7RpGngJt/bYZvFqMZSU8H0CIpFPjD
Speq5f5jwM5mmEeOZtPSzXb9CH5FvyBk5kJqW/JKZJOjqdfkCaRdkefcSnGaU/bL
UX8=
-----END CERTIFICATE-----
Generated at Fri Nov 8 09:57:17 2024 by rpki-client on console-fra.rpki-client.org